After certificate renewal the certificate name and folder change


#1

3 days ago I created 3 certificates on a server with lot’s of domain.

Yesterday I tried a renewal of one of them, but I discovered that the certificate folder changes in something like domain.com-001. This obviously make the job of renewing without editing the virtualhost file more complex.

Is there a way to force the certificate destination folder?


#2

Did you pass the exact same domain names in the command? It shouldn’t change folder names unless you requested a different set of names for the new certificate.


#3

I asked the exact same name.

The only difference is that I put -d domain.com
instead of
-d domain.com -d www.domain.com

Can be the issue?


#4

Yes. It would be a different certificate. The earlier one was for “domain.com” and “www.domain.com” while the second one you requested was for “domain.com” only.


#5

I have not seen that problem even when requesting additional names.
AFAIK it takes the first domain passed with the “-d” option and creates a folder with that name in “/etc/letsencrypt/live/”

It has always asked me if I want to replace, never just created a separate folder with the certs.


#6

Thanks guys.

Now it works.


#7

Noticed only now that my cert say

CN = happy hacker fake CA

What does it mean?


#8

You’re using the staging server (useful for testing), which uses a non-trusted CA certificate.

Make sure you use the production API - that’s --server https://acme-v01.api.letsencrypt.org/directory with the official client.


#9

I put it in the .cli file but maybe it doesn’t work.

Forcing it on the command it works, but using the cli seems to not work.


#10

Did you specify the file using “–config filename.cli” ?
I also saw some post regarding specifying the full path to the config file.


#11

Yes

./letsencrypt-auto --config /etc/letsencrypt/cli.ini …